CERT warns of targeted phishing attacks against gas pipeline firms

07.05.2012

Successful spear phishing attacks against organizations such as , the and have considerably heightened awareness of the threat.

Even so, an organization's ability to defend itself against such attacks rests substantially on its employees.

In a spear phishing campaign, an attacker sends a fake email message containing a malicious link or attachment to a targeted victim. The email is typically designed to appear as though it came from a trusted source and tries to persuade the recipient to click on the malicious link or open the malicious attachment. In many cases, the phishing emails are personalized, localized, and contain content designed to convince the recipient of the authenticity of the sender.

Often, all it takes for an attacker to gain a foothold in an otherwise secure network is for one phishing email recipient to click on a malicious link or attachment. The real danger with such attacks is that they are highly targeted and persistent in nature, Miller said. "Any time you see such attacks they are of the highest concern," he said. "Shotgun attacks don't care about the victim so long as they hit any target."

Anup Ghosh, founder of the security firm Invincea, said that despite heightened awareness, phishing remains a major problem. And contrary to popular perception, spear phishing attacks are not always targeted at just a handful of highly placed individuals within an organization, he said.